Category

Web Security Academy

Toufiq |
Last updated: May 13, 2020 10:37AM UTC

I am learning how to perform blind SQL injection in Web Security Academy Labs, in some of them i need to retrieve administrator's password which is "20" character long and doing it manually(using intruder) is not fine. I takes approx half hour to complete one such lab in Burp Suite Community Edition command there are three of them. So can you please reduce the password character to 5 or 6. I kindly request you to look into this matter.
PS: Your Web Security Academy is amazing and I got to learn many things up till now and Thank you for your time.

Ben, PortSwigger Agent |
Last updated: May 13, 2020 12:35PM UTC

Hi,
Thank you for the great feedback!
Unfortunately, when we added the Authentication Web Academy topic we had to make a central change to the length of passwords being used. This affected the length of passwords being used in the other labs as well (including the SQL injection labs that you have mentioned).